As automobiles became more reliant on computers, while at the same time becoming more connected to the internet, concerns grew over the possibility of hackers gaining control of a car’s systems. Many of those worries turned into outright fears after a pair of cybersecurity experts demonstrated to Wired how they can hack a vehicle (in this case a Jeep Cherokee) wirelessly while the car was driving down the freeway. To see such worries made real left many wondering what could be done to prevent future car hackings, ones that were performed by more malevolent figures. Since security breaches at large companies have become more commonplace and modern cars are similar to smartphones in many ways, concerns continue to grow over the threat of car hacking. Luckily, many manufacturers and organizations are treating the threat seriously and offering workable solutions to the problem.
While the bad news may be that some cars could be vulnerable to the wireless attack highlighted by Wired, those same security experts were working with Chrysler to identify weaknesses in their cars, giving the car manufacturer time to develop a patch. This software update was quickly made available to those who had purchased vulnerable vehicles, who could download the patch off of the internet onto a USB drive, which could then be plugged into the dashboard USB port. Customers could also take their vehicles into a dealership, who would ensure the software was updated correctly as well. The quick response showed by Chrysler indicated how fast they moved to solve the problem before a potential disaster occurred.
Other car companies are also maneuvering to show their commitment to improving the cybersecurity of their vehicles. GM created the position of chief product cybersecurity officer in 2014 to oversee the security of new vehicles. Ford has also stated that cybersecurity is now being worked into the very design of their vehicles and no longer being treated as an afterthought. Both Tesla and BMW have made updating vehicle software even easier by providing over-the-air updates. This means customers wouldn’t have to download an update to a USB drive or take the car into the dealership. Instead, they can directly access the update from their cars and download it from the web.
Many car manufacturers have also banded together to work on the problem. Carmakers have created the Auto Information Sharing Advisory Center (ISAC), which provides a platform for manufacturers to share data on security problems they encounter and the solutions and security features they devise. It’s sort of a “two heads are better than one” approach. By getting expert opinion across the industry, carmakers will place themselves in a much better position to handle the evolving landscape of hacking threats.
An institution called the National Highway Traffic Safety Administration (NHTSA) is also at the forefront of testing cars and figuring out ways hackers could take control of vehicles. With engineers dedicated to the task, they can determine what attacks may be launched and the likelihood of having those attacks succeed. Through their research, they’ve figured out ways hackers may control systems like horns, lights, locks, instrument panels, and even brakes. By sharing their findings, they can help carmakers be prepared for cyber attacks.
Even the men who made headlines with their Jeep Cherokee attack aren’t sitting idly by. They’ve developed a solution to the hacking problem — a device they refer to as an intrusion-detection system. The device works by monitoring the normal data patterns a car uses. Then it can detect when those data patterns change abnormally, essentially determining if anomalies are happening. If detected, the device can put the vehicle into “limp mode”, which disables high-level functions like power steering and the car’s network until the vehicle is restarted. Since a car’s communications are normally highly predictable, the device has a high accuracy rate of identifying anomalies.
This type of data sorting, not unlike analyzing clickstream data for businesses, could be the future of preventing car hackings. It has become an especially important issue as we move toward a future featuring self-driving automobiles. The more connected vehicles become to the internet and cloud computing, the more manufacturers will have to work to ensure cyber attackers can’t gain access to a vehicle’s most crucial systems. It may not be a major fear for the average consumer right now, but if the problem is ignored, it will likely be just as important as how many miles a car has driven.
~ Rick Delgado